Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2019:1343-1
HistoryMay 08, 2019 - 12:00 a.m.

Security update for libjpeg-turbo (moderate)

2019-05-0800:00:00
lists.opensuse.org
91

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

82.3%

JSON

An update that fixes three vulnerabilities is now available.

Description:

This update for libjpeg-turbo fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row
    function which could allow to an attacker to cause denial of service
    (bsc#1128712).
  • CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in
    rdtarga.c, which allowed remote attackers to cause a denial-of-service
    via crafted JPG files due to a large loop (bsc#1096209)
  • CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c
    caused by a divide by zero when processing a crafted BMP image
    (bsc#1098155)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2019-1343=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3i586< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.i586.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (x86_64):- openSUSE Leap 42.3 (x86_64):.x86_64.rpm

Related

openvas 31
nessus 43
fedora 3
suse 1
mageia 2
ubuntu 8
osv 13
ibm 5
debian 3
f5 1
veracode 2
redhatcve 4
cve 4
debiancve 3
rocky 1
ubuntucve 3
redhat 3
alpinelinux 3
prion 4
oraclelinux 2
almalinux 1
centos 1
amazon 2
cloudfoundry 3
photon 3
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1111-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0711-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for libjpeg-turbo (openSUSE-SU-2019:1118-1)
2019-04-03 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2019:1111-1)
2019-05-01 00:00:00
openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1343)
2019-05-09 00:00:00
openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1118)
2019-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libjpeg-turbo-1.5.3-7.fc28
2019-03-29 02:04:54
[SECURITY] Fedora 28 Update: libjpeg-turbo-1.5.3-6.fc28
2018-07-11 20:22:53
[SECURITY] Fedora 28 Update: libjpeg-turbo-1.5.3-5.fc28
2018-06-26 17:35:52
suse
suse
Security update for libjpeg-turbo (moderate)
2019-04-02 00:00:00
mageia
mageia
Updated libjpeg packages fix security vulnerabilities
2018-08-10 17:37:39
Updated libjpeg packages fix security vulnerability
2019-04-05 21:12:59
ubuntu
ubuntu
libjpeg-turbo vulnerabilities
2022-08-08 00:00:00
libjpeg-turbo vulnerabilities
2019-11-13 00:00:00
libjpeg-turbo vulnerabilities
2022-09-22 00:00:00
osv
osv
libjpeg-turbo vulnerabilities
2022-08-08 12:06:20
libjpeg-turbo - security update
2020-07-31 00:00:00
CVE-2018-14498
2019-03-07 23:29:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg
2023-12-07 22:45:03
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg
2023-12-07 22:45:02
debian
debian
[SECURITY] [DLA 2302-1] libjpeg-turbo security update
2020-07-31 18:28:37
[SECURITY] [DLA 1719-1] libjpeg-turbo security update
2019-03-18 19:11:26
[SECURITY] [DLA 1638-1] libjpeg-turbo security update
2019-01-22 22:18:58
f5
f5
K23406572 : libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498
2022-02-17 00:00:00
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:16
Denial Of Service (Dos)
2019-08-08 00:07:17
redhatcve
redhatcve
CVE-2018-11813
2018-06-07 21:48:51
CVE-2018-14498
2019-03-11 13:20:14
CVE-2018-1152
2018-06-21 05:18:42
cve
cve
CVE-2018-11813
2018-06-06 03:29:00
CVE-2018-14498
2019-03-07 23:29:00
CVE-2018-1152
2018-06-18 14:29:00
debiancve
debiancve
CVE-2018-11813
2018-06-06 03:29:00
CVE-2018-14498
2019-03-07 23:29:00
CVE-2018-1152
2018-06-18 14:29:00
rocky
rocky
libjpeg-turbo security update
2019-11-05 20:53:12
ubuntucve
ubuntucve
CVE-2018-14498
2019-03-07 00:00:00
CVE-2018-11813
2018-06-06 00:00:00
CVE-2018-1152
2018-06-18 00:00:00
redhat
redhat
(RHSA-2019:3705) Moderate: libjpeg-turbo security update
2019-11-05 20:53:12
(RHSA-2019:2052) Moderate: libjpeg-turbo security update
2019-08-06 07:55:58
(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update
2020-10-27 14:57:54
alpinelinux
alpinelinux
CVE-2018-11813
2018-06-06 03:29:00
CVE-2018-14498
2019-03-07 23:29:00
CVE-2018-1152
2018-06-18 14:29:00
prion
prion
Heap overflow
2019-03-07 23:29:00
Code injection
2018-06-06 03:29:00
Denial of service
2018-06-18 14:29:00
oraclelinux
oraclelinux
libjpeg-turbo security update
2019-11-14 00:00:00
libjpeg-turbo security update
2019-08-13 00:00:00
almalinux
almalinux
Moderate: libjpeg-turbo security update
2019-11-05 20:53:12
centos
centos
libjpeg, turbojpeg security update
2019-08-30 03:16:23
amazon
amazon
Medium: libjpeg-turbo
2019-09-13 22:58:00
Medium: libjpeg-turbo
2019-11-04 22:23:00
cloudfoundry
cloudfoundry
USN-5631-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2022-09-29 00:00:00
USN-4190-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2018-07-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0032
2023-06-20 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0414
2023-06-20 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0601
2023-06-20 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

82.3%

JSON
Related for OPENSUSE-SU-2019:1343-1
openvas31nessus43fedora3suse1mageia2ubuntu8osv13ibm5debian3f51veracode2redhatcve4cve4debiancve3rocky1ubuntucve3redhat3alpinelinux3prion4oraclelinux2almalinux1centos1amazon2cloudfoundry3photon3